kopia lustrzana https://github.com/simonw/datasette
Consider every plugins opinion in datasette.permission_allowed()
Closes #2275, refs #2262pull/2096/merge
rodzic
232a30459b
commit
8bfa3a51c2
|
@ -903,6 +903,8 @@ class Datasette:
|
|||
# Use default from registered permission, if available
|
||||
if default is DEFAULT_NOT_SET and action in self.permissions:
|
||||
default = self.permissions[action].default
|
||||
opinions = []
|
||||
# Every plugin is consulted for their opinion
|
||||
for check in pm.hook.permission_allowed(
|
||||
datasette=self,
|
||||
actor=actor,
|
||||
|
@ -911,9 +913,19 @@ class Datasette:
|
|||
):
|
||||
check = await await_me_maybe(check)
|
||||
if check is not None:
|
||||
result = check
|
||||
opinions.append(check)
|
||||
|
||||
result = None
|
||||
# If any plugin said False it's false - the veto rule
|
||||
if any(not r for r in opinions):
|
||||
result = False
|
||||
elif any(r for r in opinions):
|
||||
# Otherwise, if any plugin said True it's true
|
||||
result = True
|
||||
|
||||
used_default = False
|
||||
if result is None:
|
||||
# No plugin expressed an opinion, so use the default
|
||||
result = default
|
||||
used_default = True
|
||||
self._permission_checks.append(
|
||||
|
|
|
@ -71,6 +71,23 @@ Datasette's built-in view permissions (``view-database``, ``view-table`` etc) de
|
|||
|
||||
Permissions with potentially harmful effects should default to *deny*. Plugin authors should account for this when designing new plugins - for example, the `datasette-upload-csvs <https://github.com/simonw/datasette-upload-csvs>`__ plugin defaults to deny so that installations don't accidentally allow unauthenticated users to create new tables by uploading a CSV file.
|
||||
|
||||
.. _authentication_permissions_explained:
|
||||
|
||||
How permissions are resolved
|
||||
----------------------------
|
||||
|
||||
The :ref:`datasette.permission_allowed(actor, action, resource=None, default=...)<datasette_permission_allowed>` method is called to check if an actor is allowed to perform a specific action.
|
||||
|
||||
This method asks every plugin that implements the :ref:`plugin_hook_permission_allowed` hook if the actor is allowed to perform the action.
|
||||
|
||||
Each plugin can return ``True`` to indicate that the actor is allowed to perform the action, ``False`` if they are not allowed and ``None`` if the plugin has no opinion on the matter.
|
||||
|
||||
``False`` acts as a veto - if any plugin returns ``False`` then the permission check is denied. Otherwise, if any plugin returns ``True`` then the permission check is allowed.
|
||||
|
||||
The ``resource`` argument can be used to specify a specific resource that the action is being performed against. Some permissions, such as ``view-instance``, do not involve a resource. Others such as ``view-database`` have a resource that is a string naming the database. Permissions that take both a database name and the name of a table, view or canned query within that database use a resource that is a tuple of two strings, ``(database_name, resource_name)``.
|
||||
|
||||
Plugins that implement the ``permission_allowed()`` hook can decide if they are going to consider the provided resource or not.
|
||||
|
||||
.. _authentication_permissions_allow:
|
||||
|
||||
Defining permissions with "allow" blocks
|
||||
|
|
Ładowanie…
Reference in New Issue